3 matches found
CVE-2024-9108 Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convertremoteimagetolocal' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2024-9108 Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convertremoteimagetolocal' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Arbitrary File Upload
Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9108 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7303314c8667 Credits István Márton Required privilege...